US puts China in dock over cyber espionage

In a cyber-security first, the US government has publicly charged five members of the Chinese People's Liberation Army (PLA) with cyber espionage against American companies.

US puts China in dock over cyber espionage

The humiliating indictment of the Chinese officers includes this FBI ‘Most Wanted' poster (see illustration) clearly showing some of them in their army uniforms.

As reported by SCMagazine.com, the grand jury indictment – issued on 1 May by the Western District of Pennsylvania and announced by US Attorney General Eric Holder on Monday - charges the five with 31 counts of computer hacking, theft of trade secrets and related offences against Westinghouse, SolarWorld, the US Steel Corp, Allegheny Technologies, Alcoa and the US Steelworkers' Union.

The move has provoked a furious response from the Chinese government, which has accused the US of deceit and double standards and has summoned the US Ambassador in Beijing. It has also halted the activity of the Sino-US Internet Working Group.

The US has admitted to its own cyber spying but is seeking to draw a line between ‘state' and industrial espionage. China has said the charges will damage relations between the two countries.

The indictment claims that between 2006 and 2014, Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu and Gu Chunhui – all officers in Unit 61398 of the PLA - were involved in a hacking conspiracy.

The FBI gave details of the claimed industrial espionage carried out by the five officers, saying: “Each provided his individual expertise to an alleged conspiracy to penetrate the computer networks of six American companies while those companies were engaged in negotiations or joint ventures or were pursuing legal action with, or against, state-owned enterprises in China.

“They then used their illegal access to allegedly steal proprietary information including, for instance, email exchanges among company employees and trade secrets related to technical specifications for nuclear plant designs.”

When announcing the charges at a press conference Washington DC on Monday, Assistant US Attorney General for National Security, John Carlin, said: “State actors engaged in cyber espionage for economic advantage are not immune from the law just because they hack under the shadow of their country's flag.

“Cyber theft is real theft, and we will hold state-sponsored cyber thieves accountable as we would any other transnational criminal organisation that steals our goods and breaks our laws.”

FBI Director James B Comey added: ““For too long, the Chinese government has blatantly sought to use cyber espionage to obtain economic advantage for its state-owned industries. The indictment announced today is an important step. But there are many more victims, and there is much more to be done.”

The indictment supports a famous research paper issued last year by Mandiant, laying bare the activities of Unit 61398. Mandiant (now owned by FireEye) claimed at the time that the Unit was staffed by hundreds or possibly thousands of people, and was responsible for stealing data from more than 140 organisations, including European entities.

But cyber security expert and blogger Brian Honan of BH Consulting believes the charges could lead to ‘tit-for-tat' moves by China and even counter-charges against members of the US NSA and Britain's GCHQ.

He told SCMagazineUK.com via email: “This could be the start of a new cold war-type of era with relations between the west and China. Already we have seen China respond to these accusations by suspending co-operation with the US on certain initiatives relating to internet security.

“We could also see a tit-for-tat response, similar to those witnessed during the height of the cold war between the US and the Soviet Union, where China may lay similar charges against members of the security services in western countries such as GCHQ and the NSA.”

But Paul C Dwyer, chief cyber security strategist for Mandiant, told SC: “There's going to be lots of tit-for-tat going on from the point of view of accusations being made but the reality is I don't think there'll be any evidence found that any nation state (body) such as the NSA or GCHQ or anybody like that has been behind any industrial-type of espionage.”

Dwyer supported the US attempt to distinguish between state and industrial cyber espionage, telling SC: “It's understood by most in the world these days that there's a certain amount of state espionage goes on. We have to look at the motivations for any type of surveillance that goes on between nation states. I think there's a big difference between someone doing that for security or anti-terrorism type reasons, and somebody doing it for industrial or commercial gain – that's the big difference.”

Dwyer pointed out that after the Mandiant APT1 report the Chinese Unit went quiet for a time then resumed “business as usual”.

Tom Cross, director of security research at Lancope, said in an emailed comment to journalists: "This important move by the US Department of Justice is a step forward on the long road toward establishing a set of international norms regarding cyber espionage.

“Part of addressing the problem of international spying on the internet involves setting standards for what is and is not an acceptable target. While I doubt that foreign military commanders who are prosecuted by the Department of Justice will be successfully apprehended and brought to justice, these prosecutions do send a clear message regarding what sort of behaviour the US views as unacceptable.

“That message will prompt a dialogue about International norms in this area, and having that dialogue is a vital part of coming to grips with the impact that Internet security issues are having on our societies."

* The US indictment follows the latest ‘Snowden' claims from journalist Glenn Greenwald that the NSA's own cyber spying has involved it secretly recording and archiving virtually every mobile phone conversation made in The Bahamas via a backdoor into the country's mobile phone network, while also monitoring the telecoms systems of other countries, including Mexico, the Philippines and Kenya.

SC Media UK arms cyber-security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.